feat: 安全增强 + 删除密码重置申请功能 + 登录提醒开关

安全增强:
- 新增 SSRF、XXE、模板注入、敏感路径探测检测规则
- security/constants.py: 添加新的威胁类型和检测模式
- security/threat_detector.py: 实现新检测逻辑

删除密码重置申请功能:
- 移除 /api/password_resets 相关API
- 删除 password_reset_requests 数据库表
- 前端移除密码重置申请页面和菜单
- 用户只能通过邮��找回密码，未绑定邮箱需联系管理员

登录提醒全局开关:
- email_service.py: 添加 login_alert_enabled 字段
- routes/api_auth.py: 检查开关状态再发送登录提醒
- EmailPage.vue: 添加新设备登录提醒开关

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

email_service.py

@@ -154,6 +154,7 @@ def init_email_tables():
                 enabled INTEGER DEFAULT 0,
                 failover_enabled INTEGER DEFAULT 1,
                 register_verify_enabled INTEGER DEFAULT 0,
+                login_alert_enabled INTEGER DEFAULT 1,
                 task_notify_enabled INTEGER DEFAULT 0,
                 base_url TEXT DEFAULT '',
                 updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
@@ -244,8 +245,8 @@ def get_email_settings() -> Dict[str, Any]:
     with db_pool.get_db() as conn:
         cursor = conn.cursor()
         cursor.execute("""
-            SELECT enabled, failover_enabled, register_verify_enabled, base_url,
-                   task_notify_enabled, updated_at
+            SELECT enabled, failover_enabled, register_verify_enabled, login_alert_enabled,
+                   base_url, task_notify_enabled, updated_at
             FROM email_settings WHERE id = 1
         """)
         row = cursor.fetchone()
@@ -254,14 +255,16 @@ def get_email_settings() -> Dict[str, Any]:
                 'enabled': bool(row[0]),
                 'failover_enabled': bool(row[1]),
                 'register_verify_enabled': bool(row[2]) if row[2] is not None else False,
-                'base_url': row[3] or '',
-                'task_notify_enabled': bool(row[4]) if row[4] is not None else False,
-                'updated_at': row[5]
+                'login_alert_enabled': bool(row[3]) if row[3] is not None else True,
+                'base_url': row[4] or '',
+                'task_notify_enabled': bool(row[5]) if row[5] is not None else False,
+                'updated_at': row[6]
             }
         return {
             'enabled': False,
             'failover_enabled': True,
             'register_verify_enabled': False,
+            'login_alert_enabled': True,
             'base_url': '',
             'task_notify_enabled': False,
             'updated_at': None
@@ -272,6 +275,7 @@ def update_email_settings(
     enabled: bool,
     failover_enabled: bool,
     register_verify_enabled: bool = None,
+    login_alert_enabled: bool = None,
     base_url: str = None,
     task_notify_enabled: bool = None
 ) -> bool:
@@ -287,6 +291,10 @@ def update_email_settings(
             updates.append('register_verify_enabled = ?')
             params.append(int(register_verify_enabled))
 
+        if login_alert_enabled is not None:
+            updates.append('login_alert_enabled = ?')
+            params.append(int(login_alert_enabled))
+
         if base_url is not None:
             updates.append('base_url = ?')
             params.append(base_url)